BlockBeats news: On the early hours of June 14, the Humanity project team issued a statement revealing that on June 8, a cross-chain attack targeting the H token occurred. The attacker gained access to the devices of project executives via phishing emails, stole private keys, and executed on-chain operations. The report noted that the technical methods and toolchain used in this attack exhibit characteristics similar to those associated with North Korean hacking groups.
The attack occurred in a dual-chain environment involving Ethereum and BNB Chain. The attacker used stolen keys to upgrade the Ethereum contract and transferred approximately 141.18 million H tokens, while simultaneously taking control of the ProxyAdmin contract on BSC and minting additional tokens. Subsequently, the attacker sold the related assets in batches on Uniswap and PancakeSwap over approximately eight hours, impacting liquidity and token holders.
The project team stated that the attack vector was a targeted social engineering phishing email, disguised as an update notification related to the exchange Bithumb, which tricked victims into opening a malicious attachment, thereby installing a remote access trojan and ultimately gaining full control of the device to steal wallet data and private keys.
Regarding current progress, the Ethereum side H contract has been frozen by an uncompromised multisig mechanism; however, the deployment on the BSC chain remains under the attacker’s control and retains the ability to continuously mint new tokens. The project team states it is collaborating with exchanges and related parties to develop a subsequent recovery and remediation plan, and urges users to remain vigilant against counterfeit links and phishing scams.